30 lines
748 B
PHP
30 lines
748 B
PHP
<?php
|
|
header('Content-Type: application/json');
|
|
session_start();
|
|
require_once '../db/config.php';
|
|
|
|
if (!isset($_SESSION['user_id'])) {
|
|
echo json_encode(['error' => 'Unauthorized']);
|
|
exit();
|
|
}
|
|
|
|
if (!isset($_GET['order_id'])) {
|
|
echo json_encode(['error' => 'No order ID specified']);
|
|
exit();
|
|
}
|
|
|
|
$order_id = $_GET['order_id'];
|
|
$user_id = $_SESSION['user_id'];
|
|
|
|
// Fetch order status, ensuring the user owns the order
|
|
$stmt = $db->prepare("SELECT status FROM orders WHERE id = ? AND user_id = ?");
|
|
$stmt->execute([$order_id, $user_id]);
|
|
$order = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($order) {
|
|
echo json_encode(['status' => $order['status']]);
|
|
} else {
|
|
echo json_encode(['error' => 'Order not found or permission denied']);
|
|
}
|
|
?>
|